0

我尝试通过 kubespray master 分支安装 Kubernetes 1.21.1。它位于代理服务器后面。我在crio环境和全局环境中填写了http_proxy、https_proxy、no_proxy。

主控 1:192.168.33.33 主控 2:192.168.33.34 主控 3:192.168.33.35

HTTP_PROXY=http://squid1.example.it:3128
http_proxy=http://squid1.example.it:3128
no_proxy=localhost,localhost4,127.0.0.1,.example.it,192.168.33.33,192.168.33.34,192.168.33.35,192.168.33.32,192.168.33.31,10.233.0.0/18,10.233.64.0/18,cz-itops-m1,cz-itops-m2,cz-itops-m3
NO_PROXY=localhost,localhost4,127.0.0.1,.example.it,192.168.33.33,192.168.33.34,192.168.33.35,192.168.33.32,192.168.33.31,10.233.0.0/18,10.233.64.0/18,cz-itops-m1,cz-itops-m2,cz-itops-m3

我无法使用 cri-o 运行时启动 kube-api 服务器,kubelet 正在重新启动。当 kubeadm init 尝试与 kube-api 建立连接时,在 initiaze master 上安装失败。我的连接被拒绝。

我用谷歌搜索我没有找到任何问题的答案。

有人可以帮我吗?

Kubelet 日志

Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848422   22460 manager.go:917] ignoring container "/system.slice/run-utsns-cc759b9b\\x2d6f5b\\x2d4c4a\\x2d87e6\\x2db745ac9613dd.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848426   22460 factory.go:220] Factory "containerd" was unable to handle container "/system.slice/run-utsns-af812bcd\\x2d22ab\\x2d4629\\x2d82e2\\x2d7270f669cc66.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848430   22460 factory.go:220] Factory "crio" was unable to handle container "/system.slice/run-utsns-af812bcd\\x2d22ab\\x2d4629\\x2d82e2\\x2d7270f669cc66.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848435   22460 factory.go:213] Factory "systemd" can handle container "/system.slice/run-utsns-af812bcd\\x2d22ab\\x2d4629\\x2d82e2\\x2d7270f669cc66.mount", but ignoring.
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848442   22460 manager.go:917] ignoring container "/system.slice/run-utsns-af812bcd\\x2d22ab\\x2d4629\\x2d82e2\\x2d7270f669cc66.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848447   22460 factory.go:220] Factory "containerd" was unable to handle container "/system.slice/run-utsns-d12d86b2\\x2d6bb1\\x2d4068\\x2d83e6\\x2d394fdecf43f0.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848451   22460 factory.go:220] Factory "crio" was unable to handle container "/system.slice/run-utsns-d12d86b2\\x2d6bb1\\x2d4068\\x2d83e6\\x2d394fdecf43f0.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848456   22460 factory.go:213] Factory "systemd" can handle container "/system.slice/run-utsns-d12d86b2\\x2d6bb1\\x2d4068\\x2d83e6\\x2d394fdecf43f0.mount", but ignoring.
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848462   22460 manager.go:917] ignoring container "/system.slice/run-utsns-d12d86b2\\x2d6bb1\\x2d4068\\x2d83e6\\x2d394fdecf43f0.mount"
Jun 23 14:53:19 cz-itops-m2 kubelet[22460]: I0623 14:53:18.848467   22460 factory.go:220] Factory "containerd" was unable to handle container "/system.slice/run-utsns-e28bde38\\x2d6a1e\\x2d4952\\x2dba63\\x2df5b4d366d130.mount"

Jun 23 15:23:28 cz-itops-m2 kubelet[51252]: E0623 15:23:28.584748   51252 kubelet.go:2291] "Error getting node" err="node \"cz-itops-m2\" not found"
Jun 23 15:23:28 cz-itops-m2 kubelet[51252]: E0623 15:23:28.685707   51252 kubelet.go:2291] "Error getting node" err="node \"cz-itops-m2\" not found"
Jun 23 15:23:28 cz-itops-m2 kubelet[51252]: E0623 15:23:28.786381   51252 kubelet.go:2291] "Error getting node" err="node \"cz-itops-m2\" not found"

un 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.137671   51252 prober.go:173] "HTTP-Probe Host" scheme="http" host="127.0.0.1" port=2381 path="/health"
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.137725   51252 prober.go:176] "HTTP-Probe Headers" headers=map[]
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.139467   51252 http.go:134] Probe succeeded for http://127.0.0.1:2381/health, Response: {200 OK 200 HTTP/1.1 1 1 map[Content-Length:[17] Content-Type:[text/plain; charset=utf-8] Date:[Wed, 23 Jun 2021 13:23:30 GMT]] 0xc0013cb660 17 [] true false map[] 0xc001640300 <nil>}
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.139550   51252 prober.go:125] "Probe succeeded" probeType="Liveness" pod="kube-system/etcd-cz-itops-m2" podUID=1d7187d9accf1de2c438723a0b4b7229 containerName="etcd"
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.156803   51252 prober.go:173] "HTTP-Probe Host" scheme="https" host="192.168.33.34" port=10257 path="/healthz"
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.156848   51252 prober.go:176] "HTTP-Probe Headers" headers=map[]
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.167119   51252 http.go:134] Probe succeeded for https://192.168.33.34:10257/healthz, Response: {200 OK 200 HTTP/2.0 2 0 map[Cache-Control:[no-cache, private] Content-Length:[2] Content-Type:[text/plain; charset=utf-8] Date:[Wed, 23 Jun 2021 13:23:30 GMT] X-Content-Type-Options:[nosniff]] 0xc000295cc0 2 [] false false map[] 0xc000c90100 0xc0017b2210}
Jun 23 15:23:30 cz-itops-m2 kubelet[51252]: I0623 15:23:30.167199   51252 prober.go:125] "Probe succeeded" probeType="Liveness" pod="kube-system/kube-controller-manager-cz-itops-m2" podUID=f0be62f929531d12c573191d7cc11439 containerName="kube-controller-manager"


Jun 23 15:27:45 cz-itops-m2 kubelet[56261]: I0623 15:27:45.549719   56261 round_trippers.go:454] GET https://192.168.33.34:6443/api/v1/nodes?fieldSelector=metadata.name%3Dcz-itops-m2&limit=500&resourceVersion=0  in 0 milliseconds
Jun 23 15:27:45 cz-itops-m2 kubelet[56261]: I0623 15:27:45.549734   56261 round_trippers.go:460] Response Headers:
Jun 23 15:27:45 cz-itops-m2 kubelet[56261]: E0623 15:27:45.549816   56261 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Node: failed to list *v1.Node: Get "https://192.168.33.34:6443/api/v1/nodes?fieldSelector=metadata.name%3Dcz-itops-m2&limit=500&resourceVersion=0": dial tcp 192.168.33.34:6443: connect: connection refused
Jun 23 15:27:46 cz-itops-m2 kubelet[56261]: I0623 15:27:46.151133   56261 reflector.go:255] Listing and watching *v1.Service from k8s.io/client-go/informers/factory.go:134
Jun 23 15:27:46 cz-itops-m2 kubelet[56261]: I0623 15:27:46.151381   56261 round_trippers.go:435] curl -k -v -XGET  -H "User-Agent: kubelet/v1.21.1 (linux/amd64) kubernetes/5e58841" -H "Accept: application/vnd.kubernetes.protobuf,application/json" 'https://192.168.33.34:6443/api/v1/services?limit=500&resourceVersion=0'
Jun 23 15:27:46 cz-itops-m2 kubelet[56261]: I0623 15:27:46.151694   56261 round_trippers.go:454] GET https://192.168.33.34:6443/api/v1/services?limit=500&resourceVersion=0  in 0 milliseconds
Jun 23 15:27:46 cz-itops-m2 kubelet[56261]: I0623 15:27:46.151713   56261 round_trippers.go:460] Response Headers:
Jun 23 15:27:46 cz-itops-m2 kubelet[56261]: E0623 15:27:46.151854   56261 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Service: failed to list *v1.Service: Get "https://192.168.33.34:6443/api/v1/services?limit=500&resourceVersion=0": dial tcp 192.168.33.34:6443: connect: connection refused

● kubelet.service - Kubernetes Kubelet Server
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-06-23 15:33:00 CEST; 6s ago
     Docs: https://github.com/GoogleCloudPlatform/kubernetes
 Main PID: 62056 (kubelet)
    Tasks: 10
   Memory: 23.9M
   CGroup: /system.slice/kubelet.service
           └─62056 /usr/local/bin/kubelet --logtostderr=true --v=55555 --node-ip=192.168.33.34 --hostname-override=cz-itops-m2 --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/etc/kubernetes/kubelet-config.yaml --kubeconfig=/etc/kubernetes/kubelet.conf --container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-cgroups=/systemd/system.slice --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin

Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398843   62056 flags.go:59] FLAG: --cpu-cfs-quota="true"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398846   62056 flags.go:59] FLAG: --cpu-cfs-quota-period="100ms"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398850   62056 flags.go:59] FLAG: --cpu-manager-policy="none"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398853   62056 flags.go:59] FLAG: --cpu-manager-reconcile-period="10s"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398856   62056 flags.go:59] FLAG: --docker="unix:///var/run/docker.sock"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398860   62056 flags.go:59] FLAG: --docker-endpoint="unix:///var/run/docker.sock"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398864   62056 flags.go:59] FLAG: --docker-env-metadata-whitelist=""
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398867   62056 flags.go:59] FLAG: --docker-only="false"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398870   62056 flags.go:59] FLAG: --docker-root="/var/lib/docker"
Jun 23 15:33:00 cz-itops-m2 kubelet[62056]: I0623 15:33:00.398873   62056 flags.go:59] FLAG: --docker-tls="false"

kubeadm 初始化命令

/usr/local/bin/kubeadm init --v=5 --config=/etc/kubernetes/kubeadm-config.yaml --ignore-preflight-errors=all --skip-phases=addon/coredns --upload-certs

kubeadm 输出

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 5m0s
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.

        Unfortunately, an error has occurred:
                timed out waiting for the condition

        This error is likely caused by:
                - The kubelet is not running
                - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

        If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
                - 'systemctl status kubelet'
                - 'journalctl -xeu kubelet'

        Additionally, a control plane component may have crashed or exited when started by the container runtime.
        To troubleshoot, list all containers using your preferred container runtimes CLI.

        Here is one example how you may list all Kubernetes containers running in cri-o/containerd using crictl:
                - 'crictl --runtime-endpoint /var/run/crio/crio.sock ps -a | grep kube | grep -v pause'
                Once you have found the failing container, you can inspect its logs with:
                - 'crictl --runtime-endpoint /var/run/crio/crio.sock logs CONTAINERID'

couldn't initialize a Kubernetes cluster
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init.runWaitControlPlanePhase
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go:114
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:234
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAll
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:421
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:207
k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/init.go:152
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:850
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:958
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:895
k8s.io/kubernetes/cmd/kubeadm/app.Run
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/kubeadm.go:50
main.main
        _output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/kubeadm.go:25
runtime.main
        /usr/local/go/src/runtime/proc.go:225
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1371
error execution phase wait-control-plane
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:235
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAll
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:421
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:207
k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/cmd/init.go:152
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:850
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:958
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:895
k8s.io/kubernetes/cmd/kubeadm/app.Run
        /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/app/kubeadm.go:50
main.main
        _output/dockerized/go/src/k8s.io/kubernetes/cmd/kubeadm/kubeadm.go:25
runtime.main
        /usr/local/go/src/runtime/proc.go:225
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1371

Kubelet 配置 - /var/lib/kubelet/config.yaml

apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/ssl/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.233.0.10
clusterDomain: na.tipsport.it
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
rotateCertificates: true
runtimeRequestTimeout: 0s
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s

/etc/kubernetes/manifests/kube-apiserver.yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.33.34:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.33.34
    - --allow-privileged=true
    - --anonymous-auth=True
    - --apiserver-count=3
    - --authorization-mode=Node,RBAC
    - --bind-address=0.0.0.0
    - --client-ca-file=/etc/kubernetes/ssl/ca.crt
    - --default-not-ready-toleration-seconds=300
    - --default-unreachable-toleration-seconds=300
    - --enable-admission-plugins=NodeRestriction
    - --enable-aggregator-routing=False
    - --enable-bootstrap-token-auth=true
    - --endpoint-reconciler-type=lease
    - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/ssl/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/ssl/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --event-ttl=1h0m0s
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP
    - --profiling=False
    - --proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key
    - --request-timeout=1m0s
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-issuer=https://kubernetes.default.svc.na.tipsport.it
    - --service-account-key-file=/etc/kubernetes/ssl/sa.pub
    - --service-account-signing-key-file=/etc/kubernetes/ssl/sa.key
    - --service-cluster-ip-range=10.233.0.0/18
    - --service-node-port-range=30000-32767
    - --storage-backend=etcd3
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key
    env:
    - name: NO_PROXY
      value: localhost,localhost4,127.0.0.1,.tipsport.it,192.168.33.33,192.168.33.34,192.168.33.35,192.168.33.32,192.168.33.31,10.233.0.0/18,10.233.64.0/18,cz-itops-m1,cz-itops-m2,cz-itops-m3
    - name: http_proxy
      value: http://squid1.tipsport.it:3128
    - name: HTTPS_PROXY
      value: http://squid1.tipsport.it:3128
    - name: https_proxy
      value: http://squid1.tipsport.it:3128
    - name: no_proxy
      value: localhost,localhost4,127.0.0.1,.tipsport.it,192.168.33.33,192.168.33.34,192.168.33.35,192.168.33.32,192.168.33.31,10.233.0.0/18,10.233.64.0/18,cz-itops-m1,cz-itops-m2,cz-itops-m3
    - name: HTTP_PROXY
      value: http://squid1.tipsport.it:3128
    image: k8s.gcr.io/kube-apiserver:v1.21.1
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.33.34
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-apiserver
    readinessProbe:
      failureThreshold: 3
      httpGet:
        host: 192.168.33.34
        path: /readyz
        port: 6443
        scheme: HTTPS
      periodSeconds: 1
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    startupProbe:
      failureThreshold: 30
      httpGet:
        host: 192.168.33.34
        path: /livez
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/pki/ca-trust
      name: etc-pki-ca-trust
      readOnly: true
    - mountPath: /etc/pki/tls
      name: etc-pki-tls
      readOnly: true
    - mountPath: /etc/kubernetes/ssl
      name: k8s-certs
      readOnly: true
  hostNetwork: true
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/pki/ca-trust
      type: ""
    name: etc-pki-ca-trust
  - hostPath:
      path: /etc/pki/tls
      type: ""
    name: etc-pki-tls
  - hostPath:
      path: /etc/kubernetes/ssl
      type: DirectoryOrCreate
    name: k8s-certs
status: {}
[cz-itops-m2(192.168.33.34) ~]# crictl --runtime-endpoint /var/run/crio/crio.sock ps -a
I0623 15:51:33.398777   81236 util_unix.go:103] "Using this endpoint is deprecated, please consider using full URL format" endpoint="/var/run/crio/crio.sock" URL="unix:///var/run/crio/crio.sock"
CONTAINER           IMAGE                                                              CREATED              STATE               NAME                      ATTEMPT             POD ID
75cdd4d1557a3       771ffcf9ca634e37cbd3202fd86bd7e2df48ecba4067d1992541bfa00e88a9bb   20 seconds ago       Running             kube-apiserver            81                  2700619d64cd8
b17394a27c5bd       771ffcf9ca634e37cbd3202fd86bd7e2df48ecba4067d1992541bfa00e88a9bb   About a minute ago   Exited              kube-apiserver            80                  2700619d64cd8
fd0cf2d7612ed       e16544fd47b02fea6201a1c39f0ffae170968b6dd48ac2643c4db3cab0011ed4   About an hour ago    Running             kube-controller-manager   2                   890ba9948e61d
b43902ed63f8a       a4183b88f6e65972c4b176b43ca59de31868635a7e43805f4c6e26203de1742f   About an hour ago    Running             kube-scheduler            2                   ed70ac01a9292
72cbe05accf99       a4183b88f6e65972c4b176b43ca59de31868635a7e43805f4c6e26203de1742f   About an hour ago    Exited              kube-scheduler            1                   ed70ac01a9292
188e83ace11f6       e16544fd47b02fea6201a1c39f0ffae170968b6dd48ac2643c4db3cab0011ed4   About an hour ago    Exited              kube-controller-manager   1                   890ba9948e61d
39af1f7134c6c       771ffcf9ca634e37cbd3202fd86bd7e2df48ecba4067d1992541bfa00e88a9bb   About an hour ago    Exited              kube-apiserver            10                  96e499dceadb9
29b005d4ee49d       e16544fd47b02fea6201a1c39f0ffae170968b6dd48ac2643c4db3cab0011ed4   About an hour ago    Exited              kube-controller-manager   1                   6f2ae6f00c016
d8350d394c87f       a4183b88f6e65972c4b176b43ca59de31868635a7e43805f4c6e26203de1742f   About an hour ago    Exited              kube-scheduler            1                   efe947983d387
02dc663715f28       771ffcf9ca634e37cbd3202fd86bd7e2df48ecba4067d1992541bfa00e88a9bb   About an hour ago    Exited              kube-apiserver            0                   14fb9e0dccee5
b778962034c37       d1985d4043858c43893f46e699d39a7640156962f1ccf0a2d64b8c8d621f00fc   About an hour ago    Running             etcd                      0                   65383591efff3
4

1 回答 1

1

问题是在本地主机上允许 IPv6。它正在侦听 IPv6 localhost,如下所示。

E0623 15:44:27.039563       1 reflector.go:138] k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go:444: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: Get "https://[::1]:6443/api/v1/namespaces/kube-system/configmaps?limit=500&resourceVersion=0": dial tcp [::1]:6443: i/o timeout

运行此命令以从 kube api 获取日志。

crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps -a

然后

crictl --runtime-endpoint unix:///var/run/crio/crio.sock logs [id container]

只要确保你在 /etc/sysctl.conf 中有这个。不允许使用 IPv6 进行其他任何操作。

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
sysctl -p
于 2021-06-23T16:28:15.290 回答